Assimp
CVE-2025-2757
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Affected products include: Assimp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function wi
Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation via the component A
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium
A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz t
A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the
A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp
A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CV
A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic.h of the component CSM
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3.cpp. Rated m
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. Rated medium severity (CVSS 5.3), this vulnerabilit
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today